Access control via a mobile device

ABSTRACT

Systems, devices, and methods for access control via a mobile device are described herein. One device includes instructions stored thereon executable by a processor to track a location of a mobile device in a facility based on communications between the mobile device and a plurality of beacons located in the facility, wherein the mobile device is associated with a particular user having access rights associated with the facility, determine that the mobile device is located in a particular area of the facility, determine whether the user is allowed access to the particular area based on the access rights, and provide a notification responsive to a determination that the user is not allowed access to the particular area.

TECHNICAL FIELD

The present disclosure relates to systems, devices, and methods for access control via a mobile device.

BACKGROUND

Access control systems are designed to provide access to areas of a facility for individuals who are authorized to access such areas, and deny access to those areas of the facility to individuals who are not authorized to access such areas. For example, certain individuals may be authorized to access a secure area of a facility, whereas other individuals may not be allowed to access the secure area.

Previous approaches to access control systems may use physical access cards. Carrying a physical access card may be cumbersome. A user may be locked out of an area if the user forgets to carry the physical access card, and an unauthorized user may gain access to a secure area because the access control system cannot verify the physical identity of the user carrying the physical access card.

Additionally, previous approaches may not link an access control system with a physical access card to track the card within the facility in that the physical access card may be disconnected from the system until the user manually displays the card to an access reader, for instance. Moreover, a person may not use the card (intentionally or unintentionally) and gain access to an area of a facility by following another person in.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A illustrates a system for access control via a mobile device in accordance with one or more embodiments of the present disclosure.

FIG. 1B illustrates the system for access control via a mobile device wherein a mobile device is located at a first location in accordance with one or more embodiments of the present disclosure.

FIG. 1C illustrates the system for access control via a mobile device wherein the mobile device is located at a second location in accordance with one or more embodiments of the present disclosure.

FIG. 1D illustrates the system for access control via a mobile device wherein the mobile device is located at a third location in accordance with one or more embodiments of the present disclosure.

FIG. 2 illustrates a mobile device in accordance with one or more embodiments of the present disclosure.

DETAILED DESCRIPTION

Access control via a mobile device is described herein. For example, one or more embodiments include a computer-readable medium having instructions stored thereon executable by a processor to track a location of a mobile device in a facility based on communications between the mobile device and a plurality of beacons located in the facility, wherein the mobile device is associated with a particular user having access rights associated with the facility, determine that the mobile device is located in a particular area of the facility, determine whether the user is allowed access to the particular area based on the access rights, and provide a notification responsive to a determination that the user is not allowed access to the particular area.

Embodiments of the present disclosure can effectively replace a user-carried physical access card and access control system hardware devices with a mobile device. By using a mobile device—something most users typically already carry—embodiments of the present disclosure can provide increased security while streamlining user interaction with the access control system. Additionally, embodiments herein can reduce costs by obviating the need for expensive hardware devices to verify user identities.

Increased security can be provided through capabilities offered by mobile devices. In some embodiments, users (i.e., the user's mobile device) can be assigned a digital identity (discussed further below). The digital identity can allow the mobile device, instead of a physical hardware access controller, to control access, for instance.

Increased security can be provided by maintaining a connection between a mobile device and a centralized physical security system (herein referred to as “access control system”). User interaction with the access control system can be streamlined via capabilities offered by mobile devices. In some embodiments, global positioning system (GPS), WiFi, and/or other location functionalities provided by the mobile device may allow the automatic determination of user location (e.g., without user input). Thus, rather than physically presenting a card (or other device) for access to an area, the user can simply draw within a particular distance of the area.

That is, whereas previous approaches may utilize “card readers,” which typically call for a user to present a card (e.g., badge and/or other token), read the card, then transmit a signal physically to an access controller to make an access determination (e.g., whether the user is allowed access), embodiments of the present disclosure can allow the mobile device itself to effectively become the card. Then, the “card” can be presented to a “reader” by virtue of the mobile device being in a particular physical location (or within a particular distance of a particular physical location).

By tracking the location of a mobile device associated with a user, embodiments of the present disclosure can determine if a user has entered an area to which the user is not allowed access. In some cases, such entry can be the result of “tailgating,” for instance. Tailgating refers to a person intentionally or unintentionally following another person through a secured door into an area. Because access is granted only to the first person, previous approaches to access control may not even be aware that the tailgater has entered the area.

Embodiments herein can determine when a person has entered an area to which they are not allowed access by tracking their mobile device. When a person is determined to have entered such an area, one or more actions may be taken. In some embodiments, a notification may be sent to the mobile device. In some embodiments, a notification may be sent to a computing device. In some embodiments, security personnel may be dispatched in order to make contact with the person.

In the following detailed description, reference is made to the accompanying drawings that form a part hereof. The drawings show by way of illustration how one or more embodiments of the disclosure may be practiced.

These embodiments are described in sufficient detail to enable those of ordinary skill in the art to practice one or more embodiments of this disclosure. It is to be understood that other embodiments may be utilized and that process, electrical, and/or structural changes may be made without departing from the scope of the present disclosure.

As will be appreciated, elements shown in the various embodiments herein can be added, exchanged, combined, and/or eliminated so as to provide a number of additional embodiments of the present disclosure. The proportion and the relative scale of the elements provided in the figures are intended to illustrate the embodiments of the present disclosure, and should not be taken in a limiting sense.

The figures herein follow a numbering convention in which the first digit or digits correspond to the drawing figure number and the remaining digits identify an element or component in the drawing. As used herein, “a” or “a number of” something can refer to one or more such things. For example, “a number of areas” can refer to one or more areas.

FIG. 1A illustrates a system 100 for access control via a mobile device in accordance with one or more embodiments of the present disclosure. As shown in FIG. 1, system 100 includes a plurality of beacons in a facility 101. Nine beacons are illustrated in FIG. 1A, though it is noted embodiments of the present disclosure are not limited to a particular number of beacons. The beacons include a beacon 106-1, a beacon 106-2, a beacon 106-3, a beacon 106-4, a beacon 106-5, a beacon 106-6, a beacon 106-7, a beacon 106-8, and a beacon 106-9, and are cumulatively referred to herein as “beacons 106.”

The beacons 106 can be devices capable of wireless communication with a mobile device. In some embodiments, one or more of the beacons 106 can be associated with (e.g., located proximal to) the relay 104, the door 105, and/or the area 102. For instance, the beacon 106-2 is located proximal to the door 105 (e.g., within 5 feet of the door 105). The beacons 106 can allow the determination of a location of a mobile device in the facility 101. For example, the beacons 106 can allow the determination of whether a mobile device is within a particular (e.g., threshold) distance of the area 102 and/or the door 105. The beacons 106 can communicate with a mobile device via Bluetooth Low Energy (BLE) technology (e.g., as an iBeacon), WiFi, etc. In some embodiments, the beacons 106 can include one or more readable tags (e.g., near field communication (NFC) tags).

A facility, as used herein, can refer to one or more buildings, businesses, homes, plants, hospitals, refineries, etc. The facility 101 can include indoor and/or outdoor areas. The facility 101 includes an area 102. The area 102 can be a portion of the facility 101. In some embodiments, the area 102 can be a room, a plurality of rooms, a wing, a building, a plurality of buildings, an installation, etc. In some embodiments, the area 102 can be defined by physical boundaries (e.g., walls, doors, etc.). In some embodiments, the area 102 can be defined by logical and/or geographic boundaries. The area 102 can be defined by a user, by a Building Information Model (BIM) associated with the facility 101, and/or by an access control system.

The area 102 may be a restricted area and/or an area requiring access rights for entry. Entry into and/or exit from the area 102 can be made via a door 105. Unlocking of the door may be performed by a relay 104. The relay 104 can be a device allowing remote control that can be actuated by variation in conditions of one or more electric circuits. In some examples, the relay 104 can be a locking device. In some examples, the relay 104 can include one or more actuating mechanisms.

In some embodiments, control of the relay 104 may be provided from a mobile device. In some embodiments, the control may be provided directly from a computing device (e.g., the ACS 107, described below) or via one or more intermediary devices (e.g., a controller) in communication with the relay 104.

Because, as described above, the “card” can be presented to a “reader” by virtue of the mobile device 102 being in a particular physical location (or within a particular distance of a particular physical location), embodiments of the present disclosure can implement the relay 104 in the absence of a controller (e.g., a local controller). That is, in some embodiments, the relay 104 does not include a controller. Various examples herein may refer to the relay 104 being a locking device for a door, but it is to be understood that such examples are not to be taken in a limiting sense; embodiments of the present disclosure do not limit relay 104 to a particular device.

The ACS 107 can be a computing device (e.g., a computing device having a processor and a memory, described below in connection with FIG. 2). The ACS 107 can control (e.g., manage) access to a number of areas (e.g., the area 102) of the facility 101. Though in the example illustrated in FIG. 1 the ACS 107 is shown external to the facility 101 (e.g., remote with respect to the facility 101), embodiments of the present disclosure are not so limited. In some embodiments, the ACS 107 is internal to the facility 101 (e.g., local with respect to the facility 101). In some embodiments, the ACS 107 can be cloud-based. In some embodiments, the ACS 107 can manage access to one or more areas across a plurality of facilities.

FIG. 1B illustrates the system 100 for access control via a mobile device wherein a mobile device 108 is located at a first location in accordance with one or more embodiments of the present disclosure. The mobile device 108 can be a client device carried or worn by a user. For example, the mobile device 108 can be a phone (e.g., smart phone), personal digital assistant (PDA), tablet, and/or wearable device (e.g., wristband, watch, necklace, etc.).

The mobile device 108 can include one or more software applications (e.g., apps) which can define and/or control communications between the mobile device 108, the ACS 107, and/or other devices. Apps may be received by the mobile device 108 from the ACS 107, for instance. Apps may be launched by a user and/or responsive to some other condition (e.g., the interaction between the mobile device 108 and a beacon (discussed below)). In some embodiments, apps can be executing as background apps. Apps may be and/or include a digital identity, discussed further below.

The mobile device 102 can communicate with (e.g., exchange data with) the ACS 107 via a wired and/or wireless connection, for instance. In some embodiments, the mobile device 108 can communicate using one or more communications modules (e.g., cellular, WiFi, etc.). The ACS 107 can communicate with the relay 104 via a wired and/or wireless connection, for instance. Communication between various devices herein can be carried out over a wireless network. A wireless network, as used herein, can include WiFi, Bluetooth, or any other suitable means to wirelessly transmit and/or receive information.

The mobile device 108 can include a location functionality configured to determine a location of the mobile device. In some embodiments, the location functionality includes a GPS and/or WiFi functionality of the mobile device 108, though embodiments of the present disclosure are not so limited. For example, the mobile device 108 can include an imaging functionality (e.g., a camera) which can be used to read a code at a particular (e.g., known) location in the facility 101. In some embodiments, the mobile device 108 can utilize visual light communication (VLC) techniques to determine its position in the facility 101.

Embodiments of the present disclosure can track a location of the mobile device 108 in the facility 101. As discussed further below, the mobile device 108 can be associated with a particular user having access rights associated with the facility 101. In some embodiments, the user may have access to some portions of the facility but not other portions (e.g., the area 102). In some embodiments, tracking the location can include receiving location information by the ACS 107. The location information can be provided as a particular geographic location (e.g., latitude/longitude) and/or a location with respect to another location, such as an area of a facility 101 or one or more of the beacons 106 of the facility 101. In some embodiments, location information can be communicated from the mobile device 108, and thus received by the ACS 107, responsive to a communication being established between the mobile device 108 and one or more of the beacons 106. In some embodiments, an indication that the mobile device 108 is within a particular distance of the area 102 can be received (e.g., as a request for access to the area 102).

Embodiments of the present disclosure can determine that the mobile device 108 is located in the particular area 102 (e.g., based on a communication being established between the mobile device 108 and the beacon 106-3, for instance). A determination can be made regarding whether the user associated with the mobile device 108 is allowed access to the area 102 based on access rights associated with the user.

In some embodiments, the determination of whether the user of the mobile device 108 is allowed access to the area 102 can be made by the mobile device 108. In some embodiments, the determination of whether the user is allowed access to the area 102 can be made by the ACS 107.

As discussed herein, the determination of whether the user of the mobile device 108 is allowed access to the area 102 can be made by the mobile device 108. Accordingly, access control (i.e., the determination of whether to grant access) can be moved from a controller (or other hardware device(s) seen in previous approaches) to the mobile device 108 itself. Accordingly, where access control is implemented on a mobile device in accordance with embodiments of the present disclosure, facilities need not employ complex physical access controllers capable of managing access only to a limited number of access points (e.g., doors) as in previous approaches. Instead, a remote and/or virtual (e.g., cloud-based) controller can be implemented, for instance, in conjunction with one or more relays (such as those previously discussed).

Determining whether the user is allowed access to the area can include determining whether the user (via the mobile device 108) has been provided with (or otherwise received) a digital identity. A digital identity can correspond to the physical identity of the user. The digital identity can be unique to the mobile device 108 of the user (e.g., one digital identity per mobile device of the user). The digital identity can be (or be a portion of) an app, for instance (e.g., executable instructions stored on a computer-readable medium).

In some embodiments, the digital identity can be a permanent digital identity. A permanent digital identity can be a digital identity that does not expire. For example, a permanent digital identity can be sent to the mobile device of a user who is an employee that works in the facility. The employee can utilize the permanent digital identity until the employee is no longer employed at the facility.

In some embodiments, the digital identity can be a temporary digital identity. A temporary digital identity can be a digital identity that expires after a set period of time. For example, a temporary digital identity can be sent to the mobile device of a user who is a visitor or guest at the facility. After the set period of time, the visitor/guest's temporary digital identity can expire, and the visitor/guest can lose access to the building (or to particular areas of the building). In some embodiments, the digital identity can be shared with a building management system. The building management system can allow management (e.g., monitoring and/or control) of the facility.

Thus, determining whether the user of the mobile device 108 is allowed access to the area 102 can include determining whether the user is allowed access at the particular time that the user is in proximity to the area 102. The time can refer to the time of a day and/or the day of a week, for instance, though embodiments of the present disclosure are not so limited.

A digital identity can be associated with (e.g., assigned) access rights. Access rights assigned to a digital identity can vary from one user to another. Access rights, as used herein, can include information describing a user's ability to access different areas of the facility 101. For example, a supervisory employee may be able to access more areas of a facility than a lower level employee.

In some embodiments, the access rights can be preconfigured access rights. For example, lower level employees can be given an access level that grants an employee access to lower security areas of a facility, whereas higher level employees can be given an access level that allows those higher level employees access to areas with higher security restrictions. As an additional example, access levels can be preconfigured based on the position the employee holds (e.g., a secretary can receive a different access level than a building technician).

In some embodiments, the access rights can be customized access rights. Customized access rights can include access rights that are customized for an individual user. For example, a user can receive access to areas A, B, C, and E, but not area D. As another example, a user can receive access to a number of areas of a building that do not fall within a preconfigured access level.

In some embodiments, a digital identity may expire after a particular period of time (e.g., one day). In some embodiments, a digital identity may expire based on a location of the mobile device 108. For example, a digital identity may expire when a user visiting the facility 101 exits the facility 101. As the digital identity expires, so too can the access rights associated with it.

Some embodiments calling for enhanced security can verify that the mobile device 108 to which the digital identity has been provided is indeed possessed by the correct user (e.g., the user allowed access). For example, the user can be authenticated to the mobile device 108. Such authentication can be carried out responsive to a prompt issued by the mobile device 108. In some embodiments, authenticating the user to the mobile device 108 can include receiving one or more inputs made by the user. In some embodiments, input(s) can include PINs, codes, patterns, etc. In some embodiments, inputs can include one or more biometric inputs. A biometric input can include a fingerprint scan, a facial scan, etc., though it is to be understood that embodiments of the present disclosure are not limited to particular biometric input(s).

Embodiments of the present disclosure can provide a notification responsive to a determination that the user is not allowed access to the particular area 102. In some embodiments, a notification can be provided to the mobile device 108. Such a notification may read “you have entered a restricted area, please turn around,” for instance. In some embodiments, a notification can be provided to a computing device associated with a security system of the facility. The computing device can be the ACS 107 in some embodiments. Once received, such a notification may prompt (or cause) the dispatch of security personnel to make contact with the carrier of the mobile device 108.

Notifications can be provided in accordance with embodiments herein for other reasons. For instance, a notification can be provided to the computing device associated with the security system of the facility 101 responsive to a determination that a location functionality of the mobile device 108 is deactivated. The location functionality may include the functionality allowing the mobile device to communicate with the beacons 106, for instance, (e.g., Bluetooth, WiFi, etc.). In some embodiments, a notification can be provided to the ACS 107 responsive to a loss of a communication between the ACS 107 and the mobile device 108 (e.g., because of a deactivation of a communication functionality of the mobile device 108). In some embodiments, a notification can be provided to the ACS 107 responsive to a determination that the mobile device 108 did not establish a communication with one or more of the beacons 106 associated with the door 105 before entering the area 102. In some embodiments, a notification can be provided to the ACS 107 responsive to a determination that the mobile device was purposely (e.g., due to power off) or accidentally (e.g., due to expiration of battery) deactivated. In such cases, occupancy of the user in the area 102 can be determined using one or more devices of the facility other than the beacons 106. Such devices can include, for example, infrared counting beams, occupancy detectors, cameras, etc.

In some embodiments, controlled access to the area 102 can involve the utilization of a “virtual turnstile” in which the mobile device 108 is determined to have gone in through the door 105 and out through the door 105 to arrive in the area 102. In such embodiments, a subset (e.g., three) of the beacons 106 may be used. For example, a communication established between the mobile device 108 and a first beacon 106-1 can indicate that the user carrying the mobile device 108 potentially intends to enter the area 102 via the door 105. Such a communication is illustrated in FIG. 1B. A second communication can be established between the mobile device 108 and a second beacon 106-2 as the user approaches the door 105. Such a communication is illustrated in FIG. 1C.

FIG. 1C illustrates the system 100 for access control via a mobile device wherein the mobile device 108 is located at a second location in accordance with one or more embodiments of the present disclosure. As shown, the second location is closer to the door 105 than the first location (the distance from the first location to the door exceeds the distance from the second location to the door). Subsequent to the first communication between the mobile device 108 and the first beacon 106-1, a communication established between the beacon 106-2 indicates that the user is approaching the door 105 with the intent to enter the area 102. If the user is determined to be allowed access to the area 102, the mobile device 108 and/or the ACS 107 can transmit a signal (e.g., a control signal) to the relay 104 associated with the area 102 to allow access. In an example, the relay 104 can be responsible for physically locking the door 105 to the area 102 and the signal causes the relay 104 to change from a locked mode to an unlocked mode. Thus, the relay 104 can grant the user access to the area 102 responsive to a determination by the mobile device 108 and/or the ACS 107 that the user is allowed access.

FIG. 1D illustrates the system 100 for access control via a mobile device wherein the mobile device 108 is located at a third location in accordance with one or more embodiments of the present disclosure. Once inside the area 102, the mobile device 102 can establish a communication with a third beacon 106-3 interior to the area 102 thereby apprising the ACS 107 that the user has indeed entered and is now occupying the area 102. In some embodiments, the mobile device 108 is determined to be located in the area responsive to the first communication, the second communication, and the third communication, in that order.

In some embodiments, the relay 104 can be configured to deny the user access to the area 102 responsive to a failure of communication between the mobile device 108 and the first beacon 106-1, a failure of communication between the mobile device 108 and the second beacon 106-2, or a determination by the mobile device 108 that the user is not allowed access to the area 102 based on the digital identity.

When the user leaves the area 102, the process can be reversed. For instance, a fourth communication between the mobile device 108 and the third beacon 106-3 can be established subsequent to the third communication (which was also between the mobile device 108 and the third beacon 106-3). A fifth communication between the mobile device 108 and the second beacon 106-2 can be established subsequent to the fourth communication, and a sixth communication between the mobile device 108 and the first beacon 106-1 can be established subsequent to the fifth communication.
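
The virtual-turnstile ordering, the digital-identity check at the door, and the notifications described above can be modelled as a small state machine. This is an added example, not code from the disclosure; the class names, state names, notification labels and sample identities are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Beacon roles from the description; the string labels are this example's encoding.
FAR, DOOR, INSIDE = "106-1", "106-2", "106-3"


@dataclass(frozen=True)
class DigitalIdentity:
    user: str
    areas: frozenset                    # areas covered by the access rights
    expires: Optional[datetime] = None  # None models a permanent identity

    def allows(self, area: str, now: datetime) -> bool:
        if self.expires is not None and now >= self.expires:
            return False  # temporary identity lapsed, so its rights lapse too
        return area in self.areas


@dataclass
class VirtualTurnstile:
    area: str
    identity: DigitalIdentity
    state: str = "OUTSIDE"  # OUTSIDE, APPROACHING, AT_DOOR, IN_AREA, LEAVING
    relay_unlocked: bool = False
    notifications: list = field(default_factory=list)

    def _notify(self, kind: str) -> None:
        self.notifications.append((kind, self.identity.user))

    def on_location_disabled(self) -> None:
        # Location functionality switched off: report it to the security system.
        self._notify("location_functionality_deactivated")

    def on_beacon(self, beacon: str, now: datetime) -> None:
        if self.state == "IN_AREA":
            # A repeat contact with 106-3 is the "fourth communication"; only
            # the door beacon moves the device toward the exit.
            if beacon == DOOR:
                self.state = "LEAVING"
            return
        if self.state == "LEAVING":
            if beacon == FAR:
                self.state = "OUTSIDE"
            elif beacon == INSIDE:
                self.state = "IN_AREA"  # turned back before leaving
            return
        if beacon == FAR:
            self.state, self.relay_unlocked = "APPROACHING", False
        elif beacon == DOOR:
            # The relay is signalled only after 106-1 then 106-2, and only if
            # the digital identity grants this area at this moment.
            if self.state in ("APPROACHING", "AT_DOOR"):
                self.state = "AT_DOOR"
                self.relay_unlocked = self.identity.allows(self.area, now)
        elif beacon == INSIDE:
            # Device is inside: check rights and whether the door beacon was seen.
            if not self.identity.allows(self.area, now):
                self._notify("user_not_allowed")
            if self.state != "AT_DOOR":
                self._notify("no_door_beacon_contact")
            self.state, self.relay_unlocked = "IN_AREA", False


def replay(identity, area, events):
    """Feed (time, beacon) events; a beacon of None means location went dark."""
    ts = VirtualTurnstile(area, identity)
    for when, beacon in events:
        if beacon is None:
            ts.on_location_disabled()
        else:
            ts.on_beacon(beacon, when)
    return ts.state, [kind for kind, _ in ts.notifications]


# Constructed sample data (not from the disclosure).
T0 = datetime(2024, 1, 8, 9, 0)
EMPLOYEE = DigitalIdentity("employee", frozenset({"area-102"}))
VISITOR = DigitalIdentity("visitor", frozenset({"lobby"}), T0 + timedelta(hours=8))

if __name__ == "__main__":
    print(replay(EMPLOYEE, "area-102", [(T0, FAR), (T0, DOOR), (T0, INSIDE)]))
    print(replay(VISITOR, "area-102", [(T0, INSIDE)]))  # followed someone in
```

A device that reaches beacon 106-3 without the 106-1 then 106-2 sequence is the tailgating case: the relay was never signalled for it, yet it is inside, so the model raises a notification instead of silently recording occupancy.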

FIG. 2 illustrates a mobile device 208 in accordance with one or more embodiments of the present disclosure. The mobile device 208 can be a computing device. The mobile device 208 can include a memory 212 and a processor 210 configured to execute executable instructions stored in the memory 212 to perform various examples of the present disclosure, for example. That is, the memory 212 can be any type of non-transitory storage medium that can be accessed by the processor 210 to perform various examples of the present disclosure. For example, the memory 212 can be a non-transitory computer readable medium having computer readable instructions (e.g., computer program instructions) stored thereon that are executable by the processor 210.

The memory 212 can be volatile or nonvolatile memory. The memory 212 can also be removable (e.g., portable) memory, or non-removable (e.g., internal) memory. For example, the memory 212 can be random access memory (RAM) (e.g., dynamic random access memory (DRAM) and/or phase change random access memory (PCRAM)), read-only memory (ROM) (e.g., electrically erasable programmable read-only memory (EEPROM) and/or compact-disc read-only memory (CD-ROM)), flash memory, a laser disc, a digital versatile disc (DVD) or other optical storage, and/or a magnetic medium such as magnetic cassettes, tapes, or disks, among other types of memory.

Further, although memory 212 is illustrated as being located within the mobile device 102, embodiments of the present disclosure are not so limited. For example, memory 212 can also be located internal to another computing resource (e.g., enabling computer readable instructions to be downloaded over the Internet or another wired or wireless connection). In some embodiments, the memory 212 and/or the processor 210 can be located in the ACS 107.

In addition to, or in place of, the execution of executable instructions, various examples of the present disclosure can be performed via one or more devices (e.g., one or more controllers) having logic. As used herein, “logic” is an alternative or additional processing resource to execute the actions and/or functions, etc., described herein, which includes hardware (e.g., various forms of transistor logic, application specific integrated circuits (ASICs), etc.), as opposed to computer executable instructions (e.g., software, firmware, etc.) stored in memory and executable by a processor. It is presumed that logic similarly executes instructions for purposes of the embodiments of the present disclosure.

Although specific embodiments have been illustrated and described herein, those of ordinary skill in the art will appreciate that any arrangement calculated to achieve the same techniques can be substituted for the specific embodiments shown. This disclosure is intended to cover any and all adaptations or variations of various embodiments of the disclosure.

It is to be understood that the above description has been made in an illustrative fashion, and not a restrictive one. Combination of the above embodiments, and other embodiments not specifically described herein will be apparent to those of skill in the art upon reviewing the above description.

The scope of the various embodiments of the disclosure includes any other applications in which the above structures and methods are used. Therefore, the scope of various embodiments of the disclosure should be determined with reference to the appended claims, along with the full range of equivalents to which such claims are entitled.

In the foregoing Detailed Description, various features are grouped together in example embodiments illustrated in the figures for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the embodiments of the disclosure require more features than are expressly recited in each claim.

Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separate embodiment.

What is claimed:
 1. A non-transitory computer-readable medium havinginstructions stored thereon executable by a processor to: track alocation of a mobile device in a facility based on communicationsbetween the mobile device and a plurality of beacons located in thefacility, wherein the mobile device is associated with a particular userhaving access rights associated with the facility; determine that themobile device is located in a particular area of the facility; determinewhether the user is allowed access to the particular area based on theaccess rights; provide a first notification responsive to adetermination that the user is not allowed access to the particulararea; provide a second notification to a computing device associatedwith a security system of the facility responsive to a determinationthat the mobile device did not establish a communication with at leastone of the plurality of beacons associated with a door to the particulararea of the facility before entering the particular area; and provide athird notification to the computing device associated with the securitysystem of the facility responsive to a determination that a locationfunctionality of the mobile device was purposely deactivated by a user.2. The medium of claim 1, wherein the instructions include instructionsto provide the first notification, the second notification, and thethird notification to the mobile device.
3. The medium of claim 1, wherein instructions include instructions to provide the first notification, the second notification, and the third notification to the computing device associated with the security system of the facility.
4. The medium of claim 1, wherein the instructions include instructions to provide a fourth notification to the computing device associated with the security system of the facility responsive to a loss of a communication between the computing device associated with the security system and the mobile device.
5. The medium of claim 1, wherein the instructions to determine that the mobile device is located in a particular area of the facility include instruction to determine that the mobile device is located in the particular area of the facility based on a communication between the mobile device and one of the plurality of beacons located in the particular area.
6. The medium of claim 1, wherein the plurality of beacons includes: a first beacon exterior to the particular area of the facility located a first distance from the door to the particular area; a second beacon exterior to the particular area of the facility located a second distance from the door to the particular area, wherein the first distance exceeds the second distance; and a third beacon interior to the particular area of the facility; and wherein the instructions include instructions to track the mobile device based on communications between the mobile device and the first beacon, the second beacon, and the third beacon.
7. The medium of claim 6, wherein the instructions include instructions to determine that the mobile device is located in the particular area responsive to: a first communication between the mobile device and the first beacon; a second communication between the mobile device and the second beacon subsequent to the first communication; and a third communication between the mobile device and the third beacon subsequent to the second communication.
8. A system for providing access control via a mobile device, comprising: an access control system configured to: determine an area of a facility to which a user is authorized access; and provide a digital identity configured to allow the user access to the area; a first beacon exterior to the area of the facility located a first distance from a door to the area; a second beacon exterior to the area of the facility located a second distance from the door to the area, wherein the first distance exceeds the second distance; and a third beacon interior to the area of the facility; a mobile device associated with the user and configured to: receive the digital identity; and communicate with the first beacon, the second beacon, and the third beacon; and a relay configured to deny the user access to the area of the facility responsive to: a failure of communication between the mobile device and the first beacon, and a failure of communication between the mobile device and the second beacon, wherein the access control system is configured to determine that the mobile device is located in the area of the facility responsive to a communication between the mobile device and the first beacon followed by a communication between the mobile device and the second beacon followed by a communication between the mobile device and the third beacon.
9. The system of claim 8, wherein the mobile device is a smart phone.
10. The system of claim 8, wherein the mobile device is a wearable device.
11. The system of claim 8, wherein the first, second, and third beacons are Bluetooth low energy beacons.
12. The system of claim 8, wherein the system includes a relay configured to grant the user access to the area of the facility responsive to: the communication between the mobile device and the first beacon; the communication between the mobile device and the second beacon; and a determination by the mobile device that the user is allowed access to the area based on the digital identity.
13. The system of claim 8, wherein the relay is configured to deny the user access to the area of the facility responsive to a determination by the mobile device that the user is not allowed access to the area based on the digital identity.
14. The system of claim 8, wherein the access control system is configured to determine that the user has entered the particular area responsive to: the communication between the mobile device and the first beacon; the communication between the mobile device and the second beacon; and the communication between the mobile device and the third beacon.
15. The system of claim 14, wherein the access control system is configured to determine that the user has exited the particular area responsive to: a fourth communication between the mobile device and the third beacon subsequent to the third communication; a fifth communication between the mobile device and the second beacon subsequent to the fourth communication; and a sixth communication between the mobile device and the first beacon subsequent to the fifth communication.
16. A method for providing access control via a mobile device, comprising: tracking a location of a mobile device in a facility using a plurality of wireless beacons in the facility, wherein the mobile device includes a digital identity corresponding to a particular user having access rights associated with the facility; determining that the mobile device is located in a particular area of the facility; determining whether the user is allowed access to the particular area based on the digital identity; providing a first notification responsive to: a determination that the user is not allowed access to the particular area; and a determination that the mobile device did not establish a communication with a wireless beacon associated with a door to the particular area before entering the particular area; providing a second notification responsive to: a determination that the user is not allowed access to the particular area; and a determination that a communication functionality of the mobile device is deactivated; and, providing a third notification responsive to: a determination that the user is not allowed access to the particular area; and a determination that the mobile device was purposely deactivated.
17. The method of claim 16, wherein the method includes determining that the mobile device is located in the particular area based on a communication between the mobile device and a wireless beacon in the particular area.
18. The method of claim 16, wherein the method includes determining the mobile device is located in the particular area based on information received from a device of the facility other than the plurality of wireless beacons.
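
The beacon-order logic recited in claims 1, 7, 14 and 15 can be sketched as a small state machine: entry is first, second, then third beacon; exit is the reverse; an interior contact without the full door sequence raises the second notification. This is an added illustration, not code from the patent; the beacon labels, event names, `AreaTracker` and `replay` are assumptions, as is treating any incomplete door sequence as a skipped door beacon.

```python
from dataclasses import dataclass, field

# Constructed labels for the three beacons of claim 6 (not names from the patent):
# "far" = first beacon, "near" = second beacon, "inside" = third (interior) beacon.
ENTRY = ("far", "near", "inside")
EXIT = ("inside", "near", "far")

@dataclass
class AreaTracker:
    """Hypothetical tracker for one user and one area."""
    area: str
    allowed_areas: frozenset          # assumed representation of the access rights
    inside: bool = False
    recent: list = field(default_factory=list)   # last three distinct contacts

    def observe(self, beacon: str) -> list:
        """Consume one beacon contact and return the events it raises."""
        if self.recent and self.recent[-1] == beacon:
            return []                 # repeated contact with the same beacon
        self.recent = (self.recent + [beacon])[-3:]
        window, events = tuple(self.recent), []
        if beacon == "inside" and not self.inside:
            self.inside = True
            events.append("entered")
            if self.area not in self.allowed_areas:
                events.append("notify:not_allowed")          # first notification
            if window != ENTRY:
                events.append("notify:door_beacon_skipped")  # second notification
        elif self.inside and window == EXIT:
            self.inside = False
            events.append("exited")
        return events

def replay(trace, area, allowed_areas):
    """Run a constructed contact trace and collect every event in order."""
    tracker = AreaTracker(area, frozenset(allowed_areas))
    return [e for beacon in trace for e in tracker.observe(beacon)]
```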